Home » Cisco Manuals » Bridges & Routers » Cisco ASR1002-10G-VPN/K9 » Manual Viewer

Cisco ASR1002-10G-VPN/K9 Software Guide - Page 281

allow, allow interruptible, Ctrl-C, Ctrl-Shift-6, none disconnect, ip ssh, rsa keypair-name

View all Cisco ASR1002-10G-VPN/K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 281 highlights

Chapter 8 Console Port, Telnet, and SSH Handling Configuring Persistent SSH Step 4 Command or Action connection wait [allow {interruptible}| none {disconnect}] Example: Router(config-tmap)# connection wait allow interruptible Purpose Specifies how a persistent SSH connection will be handled using this transport map: • allow-The SSH connection waits for the vty line to become available, and exits the router if interrupted. • allow interruptible-The SSH connection waits for the vty line to become available, and also allows users to enter diagnostic mode by interrupting a SSH connection waiting for the vty line to become available. This is the default setting. Note Users can interrupt a waiting connection by entering Ctrl-C or Ctrl-Shift-6. Step 5 Step 6 Step 7 • none-The SSH connection immediately enters diagnostic mode. • none disconnect-The SSH connection does not wait for the vty line from IOS and does not enter diagnostic mode, so all SSH connections are rejected if no vty line is immediately available. rsa keypair-name rsa-keypair-name Names the RSA keypair to be used for persistent SSH connections. Example: Router(config-tmap)# rsa keypair-name sshkeys For persistent SSH connections, the RSA keypair name must be defined using this command in transport map configuration mode. The RSA keypair definitions defined elsewhere on the router, such as through the use of the ip ssh rsa keypair-name command, do not apply to persistent SSH connections. No rsa-keypair-name is defined by default. authentication-retries number-of-retries (Optional) Specifies the number of authentication retries before dropping the connection. Example: The default number-of-retries is 3. Router(config-tmap)# authentication-retries 4 banner [diagnostic | wait] banner-message Example: Router(config-tmap)# banner diagnostic X Enter TEXT message. End with the character 'X'. --Welcome to Diagnostic Mode-X Router(config-tmap)# (Optional) Creates a banner message that will be seen by users entering diagnostic mode or waiting for the vty line as a result of the persistent SSH configuration. • diagnostic-Creates a banner message seen by users directed into diagnostic mode as a result of the persistent SSH configuration. • wait-Creates a banner message seen by users waiting for the vty line to become active. • banner-message-The banner message, which begins and ends with the same delimiting character. OL-16506-10 Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide 8-9

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	11
Objectives	11
Document Revision History	12
Organization	13
Related Documentation	14
Cisco ASR 1000 Series Routers Documentation	14
Conventions	15
Obtaining Documentation and Submitting a Service Request	16
Software Packaging and Architecture	17
Software Packaging on the Cisco ASR 1000 Series Routers	17
ASR 1000 Series Routers Software Overview	17
Consolidated Packages	18
Important Information About Consolidated Packages	18
Individual Software SubPackages Within a Consolidated Package	19
Important Notes About Individual SubPackages	19
Optional Software SubPackages Outside of Consolidated Packages	20
Important Notes About Optional SubPackages	20
Provisioning Files	20
Important Notes About Provisioning Files	21
ROMmon Image	21
File to Upgrade Field Programmable Hardware Devices	21
Processes Overview	22
IOS as a Process	23
Dual IOS Processes	24
File Systems on the Cisco ASR 1000 Series Router	24
Autogenerated File Directories and Files	25
Important Notes About Autogenerated Directories	25
Using Cisco IOS XE Software	27
Accessing the CLI Using a Router Console	27
Accessing the CLI Using a Directly-Connected Console	28
Connecting to the Console Port	28
Using the Console Interface	28
Accessing the CLI from a Remote Console Using Telnet	29
Preparing to Connect to the Router Console Using Telnet	29
Using Telnet to Access a Console Interface	29
Accessing the CLI from a Remote Console Using a Modem	30
Using the Auxiliary Port	30
Using Keyboard Shortcuts	31
Using the History Buffer to Recall Commands	31
Understanding the Command Mode	32
Understanding the Diagnostic Mode	33
Getting Help	34
Finding Command Options	34
Using the no and default Forms of Commands	37
Saving Configuration Changes	38
Managing Configuration Files	38
Filtering the Output of the show and more Commands	39
Powering Off a Router	40
Finding Support Information for Platforms and Cisco Software Images	40
Using the Cisco Feature Navigator	40
Using the Software Advisor	41
Using the Software Release Notes	41
Consolidated Packages and SubPackages Management	43
Running the Cisco ASR 1000 Series Routers: An Overview	43
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	44
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	44
Running the Cisco ASR 1000 Series Routers: A Summary	45
Software File Management Using Command Sets	46
The request platform Command Set	46
The copy Command	47
The issu Command Set	47
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	48
Quick Start Software Upgrade	48
Managing and Configuring a Router to Run Using a Consolidated Package	49
Managing and Configuring a Consolidated Package Using the copy Command	49
Managing and Configuring a Consolidated Package Using the request platform software package install Command	50
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	52
Extracting a Consolidated Package and Booting Using the Provisioning File	52
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	56
Managing and Configuring a Router to Run Using Optional SubPackages	56
Installing an Optional SubPackage	57
Uninstalling an Optional SubPackage	58
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	60
Upgrading Individual SubPackages	60
Upgrading a SPA SubPackage	61
Software Upgrade Process	63
ISSU Upgrade for Redundant Platforms	64
Overview of ISSU on the Cisco ASR 1000 Series Routers	64
ISSU Rollback Timer Overview	65
Software Upgrade with Dual IOS Processes on a Single RP Overview	66
Cisco IOS XE Software Package Compatibility for ISSU	66
Prerequisites for ISSU	66
Restrictions for ISSU	67
ISSU Upgrade Procedures	67
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	67
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	74
In Service One-Shot Software Upgrade Procedure	135
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	135
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	136
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	136
Upgrade Process With Service Impact for Nonredundant Platforms	137
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	138
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	140
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	156
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	181
High Availability Overview	203
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	203
Software Redundancy on the Cisco ASR 1000 Series Routers	205
Software Redundancy Overview	205
Second IOS Process on a Cisco ASR 1002 or 1004 Router	206
Route Processor Redundancy	207
Stateful Switchover	207
SSO-Aware Protocol and Applications	208
IPsec Failover	208
Bidirectional Forwarding Detection	208
Broadband Scalability and Performance	209
PPP Sessions and L2TP Tunnel Scaling	209
Restrictions for PPP Sessions and L2TP Tunnel Scaling	210
IP Sessions Scaling	211
Layer 4 Redirect Scaling	211
Configuring the Cisco ASR 1000 Series Router for High Scalability	211
Configuring Call Admission Control	212
Control Plane Policing	212
VPDN Group Session Limiting	213
PPPoE Session Limiting	213
Monitoring PPP Sessions Using the SNMP Management Tools	213
Configuring the Access Interface Input and Output Hold Queue	213
Configuring the keepalive Command	214
Scaling the L2TP Tunnel Configurations	214
Using the cisco-avpair=\	214
Enhancing the Scalability of Per-User Configurations	215
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	215
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	216
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	216
Configuring Call Home	217
Information About Call Home	217
Benefits of Using Call Home	218
How to Obtain Smart Call Home Service	218
Prerequisites for Call Home	219
How to Configure Call Home	219
Configuring the Management Interface VRF	220
What To Do Next	221
Configuring a Destination Profile	221
Configuring a Destination Profile to Send Email Messages	221
Configuring a Destination Profile to Send HTTP Messages	226
Working With Destination Profiles	228
Subscribing to Alert Groups	231
Periodic Notification	232
Message Severity Threshold	232
Syslog Pattern Matching	232
Configuring Contact Information	235
Example	236
Configuring the Number of Call Home Messages Sent Per Minute	236
Enabling and Disabling Call Home	237
Sending Call Home Communications Manually	238
Sending a Call Home Test Message Manually	238
Sending Call Home Alert Group Messages Manually	238
Submitting Call Home Analysis and Report Requests	239
Sending the Output of a Command to Cisco or an E-Mail Address	240
How To Configure Call Home to Support the Smart Call Home Service	241
Prerequisites	241
Configure and Enable Call Home	242
Declare and Authenticate a CA Trustpoint	244
Examples	245
Start Smart Call Home Registration	246
What To Do Next	246
Displaying Call Home Configuration Information	247
Examples	248
Default Settings	252
Alert Group Trigger Events and Commands	253
Message Contents	255
Sample Syslog Alert Notification in Long Text Format	259
Sample Syslog Alert Notification in XML Format	263
Additional References	269
Related Documents	269
Standards	269
MIBs	270
RFCs	270
Technical Assistance	270
Feature Information for Call Home	270
Console Port, Telnet, and SSH Handling	273
Console Port Overview for the Cisco ASR 1000 Series Routers	273
Console Port Handling Overview	273
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	274
Persistent Telnet and Persistent SSH Overview	274
Configuring a Console Port Transport Map	275
Examples	276
Configuring Persistent Telnet	277
Prerequisites	277
Examples	279
Configuring Persistent SSH	280
Examples	282
Viewing Console Port, SSH, and Telnet Handling Configurations	283
Important Notes and Restrictions	288
Using the Management Ethernet Interface	289
Gigabit Ethernet Management Interface Overview	289
Gigabit Ethernet Port Numbering	290
IP Address Handling in ROMmon and the Management Ethernet Port	290
Gigabit Ethernet Management Interface VRF	290
Common Ethernet Management Tasks	291
Viewing the VRF Configuration	291
Viewing Detailed VRF Information for the Management Ethernet VRF	292
Setting a Default Route in the Management Ethernet Interface VRF	292
Setting the Management Ethernet IP Address	292
Telnetting over the Management Ethernet Interface	293
Pinging over the Management Ethernet Interface	293
Copy Using TFTP or FTP	293
NTP Server	293
SYSLOG Server	294
SNMP-Related Services	294
Domain Name Assignment	294
DNS service	294
RADIUS or TACACS+ Server	294
VTY lines with ACL	295
Synchronous Ethernet Support	297
Synchronous Ethernet Overview	297
Synchronization Status Message and Ethernet Synchronization Messaging Channel	298
Synchronization Status Message	299
Ethernet Synchronization Messaging Channel	299
Clock Selection Algorithm	299
Restrictions and Usage Guidelines	300
Configuring Synchronous Ethernet	300
Configuring Clock Recovery from SyncE	301
Configuring Clock Recovery from a BITS Port	303
Configuring a SyncE Using the Line-to-External Method	305
Managing Synchronization on the Cisco ASR 1000 Series Router	307
Verifying the SyncE Configuration	309
Troubleshooting the SyncE Configuration	312
Configuring Bridge Domain Interfaces	315
Restrictions for the Bridge Domain Interface	315
Information About a Bridge Domain Interface	315
Ethernet Virtual Circuit Overview	316
Assigning a MAC Address	316
Support for IP Protocols	316
Support for IP Forwarding	317
Packet Forwarding	317
Layer 2 to Layer 3	317
Layer 3 to Layer 2	317
Link States of a Bridge Domain and a Bridge Domain Interface	318
Bridge Domain Interface Statistics	318
Creating or Deleting a Bridge Domain Interface	318
Bridge Domain Interface Scalability	319
Configuring a Bridge Domain Interface	319
Monitoring and Maintaining Multilink Frame Relay	323
Feature Overview	323
Configuring Multilink Frame Relay	323
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	323
Tracing and Trace Management	325
Tracing Overview	325
How Tracing Works	325
Tracing Levels	326
Viewing a Tracing Level	327
Setting a Tracing Level	328
Viewing the Content of the Trace Buffer	329
Configuring and Accessing the Web User Interface	331
Web User Interface Overview	331
Web User Interface General Overview	331
Legacy Web User Interface Overview	332
Graphics-Based Web User Interface Overview	333
Persistent Web User Interface Transport Maps Overview	334
Configuring the Router for Web User Interface Access	335
Authentication and the Web User Interface	337
Domain Name System and the Web User Interface	337
Clocks and the Web User Interface	337
Accessing the Web User Interface	338
Using Auto Refresh	339
Web User Interface Tips and Tricks	340
Unsupported Commands	341
Configuration Examples	345
Configuring the Router to Boot the Consolidated Package on the TFTP Server	345
Copying the Consolidated Package from the TFTP Server to the Router	349
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	350
Extracting the SubPackages from a Consolidated Package into the Same File System	351
Extracting the SubPackages from a Consolidated Package into a Different File System	353
Configuring the Router to Boot Using the SubPackages	354
Backing Up Configuration Files	358
Copying a Startup Configuration File to Bootflash	358
Copying a Startup Configuration File to an USB Flash Disk	358
Copying a Startup Configuration File to a TFTP Server	359
Enabling a Second IOS Process on a Single RP Using SSO	359
ISSU-Consolidated Package Upgrade	363

Match case Limit results 1 per page

8-9

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

OL-16506-10

Chapter 8

Console Port, Telnet, and SSH Handling

Configuring Persistent SSH

Step 4

connection wait

[

allow

{

interruptible

none

{

disconnect

}]

Example:

Router(config-tmap)#

connection wait allow

interruptible

Specifies how a persistent SSH connection will be handled

using this transport map:

•

allow

—The SSH connection waits for the vty line to

become available, and exits the router if interrupted.

•

allow interruptible

—The SSH connection waits for

the vty line to become available, and also allows users

to enter diagnostic mode by interrupting a SSH

connection waiting for the vty line to become available.

This is the default setting.

Note

Users can interrupt a waiting connection by

entering

Ctrl-C

Ctrl-Shift-6

•

none

—The SSH connection immediately enters

diagnostic mode.

•

none disconnect

—The SSH connection does not wait

for the vty line from IOS and does not enter diagnostic

mode, so all SSH connections are rejected if no vty line

is immediately available.

Step 5

rsa keypair-name

rsa-keypair-name

Example:

Router(config-tmap)#

rsa keypair-name sshkeys

Names the RSA keypair to be used for persistent SSH

connections.

For persistent SSH connections, the RSA keypair name

must be defined using this command in transport map

configuration mode. The RSA keypair definitions defined

elsewhere on the router, such as through the use of the

ip ssh

rsa keypair-name

command, do not apply to persistent

SSH connections.

rsa-keypair-name

is defined by default.

Step 6

authentication-retries

number-of-retries

Example:

Router(config-tmap)#

authentication-retries 4

(Optional) Specifies the number of authentication retries

before dropping the connection.

The default

number-of-retries

is 3.

Step 7

banner

[

diagnostic

wait

]

banner-message

Example:

Router(config-tmap)#

banner diagnostic X

Enter TEXT message

End with the character

'X'.

--Welcome to Diagnostic Mode--

Router(config-tmap)#

(Optional) Creates a banner message that will be seen by

users entering diagnostic mode or waiting for the vty line as

a result of the persistent SSH configuration.

•

diagnostic

—Creates a banner message seen by users

directed into diagnostic mode as a result of the

persistent SSH configuration.

•

wait

—Creates a banner message seen by users waiting

for the vty line to become active.

•

banner-message

—The banner message, which begins

and ends with the same delimiting character.

Command or Action

Purpose